Cisco has admitted to losing some customers' data last week due to a Meraki cloud configuration data. The company revealed in an update on Friday that its engineering team made a configuration change on the North American object storage service that led to some of its customer data being deleted in the process.
Meraki is a subsidiary of Cisco that offers cloud-managed information technologies for wireless, switching, security, EMM, communications and security cameras via its web-based dashboard interface.
"On August 3rd, 2017, our engineering team made a configuration change that applied an erroneous policy to our North American object storage service and caused certain data uploaded prior to 11:20AM Pacific time on August 3 to be deleted," the company said. "The issue has since been remediated and is no longer occurring.
"In the majority of cases, this issue will not impact network operations, but will be an inconvenience as some of your data may have been lost. Your network configuration data is not lost or impacted — this issue is limited to user-uploaded data."
The firm said its engineering team has been working over the weekend to see if they could recover any customers' data and will provide tool to "help our customers specifically identify what has been lost from their organization".
"We recommend waiting until we make these tools available prior to restoring files as we will be trying to design our tools to help our customers save time," the firm said. "We are deeply regretful for this error and apologize for the inconvenience caused."
The company will provide an update on Monday (7 August) informing customers about the "current status of what resources we will be making available to help restore functionality".
Cisco did not specify how many customers' were affected in the incident. Its Meraki service is used by over 140,000 customers and 2 million network devices, according to the company's website.
Customer data erased include Meraki dashboard custom splash themes, custom floor plans, branding logos, summary reports and uploaded device placement photos. Other data deleted in the incident include custom enterprise apps, interactive voice response menus, music on hold, contact images and voice mail greetings.
The latest cloud-related incident comes amid security experts' growing concerns about digital and cloud security following numerous gaffes that have led to users' data being erroneously publicly exposed.
Last month, hundreds of companies including IBM's Weather Company, Fusion Media Group and Freshworks using Google Groups for internal, private messages were found to have accidentally exposed sensitive information publicly due to a configuration error by group administrators.
Dow Jones & Co recently confirmed that the personal and financial data of nearly 2.2 million customers were exposed due to a configuration error in Amazon's S3 bucket.
Earlier this year, Amazon Web Services' massive S3 outage for several hours was caused due to an engineering error.
"The public cloud can be highly secure when configured correctly, but what we're seeing is there's an overarching learning curve when it comes to how organizations should properly secure cloud applications and public cloud infrastructure. Unfortunately, many aren't getting basic security right," Varun Badhwar, co-founder & CEO of RedLock told IBTimes UK. "Data leaks like this are becoming all too common today. And the troubling fact is that we'll most likely continue to see these types of incidents at increasing rates in the near future.
"The recent leaks have shown that more education is needed for the industry about best practices for configuring and securing public cloud infrastructure, as well as the shared responsibility model, wherein organizations themselves are responsible for securing their networks, users and applications in the cloud."